ReadWrite - cyberattacks
http://readwrite.com/tag/cyberattacks
Copyright 2015 Wearable World Inc.
Tue, 31 Mar 2015 13:46:55 -0700

Today's Hackers Are Way More Sophisticated Than You Think
<!-- tml-version="2" --><p><em>Guest author Lance Cottrell is the chief scientist at Ntrepid.</em></p>
<p>While the modern always-on, data-fueled environment spells opportunity for the enterprise, it also makes an attractive target for hackers. And the proliferation of such environments has turned hacking into a profession.</p>
<p>Today's serious hackers are no longer attention-seeking geeks trying to make a statement—instead, they're calculated criminals focused on acquiring information in a data-laden marketplace.</p>
<p>What does this mean to the technology user? Hackers have a growing and constantly evolving arsenal of attack methods, putting everyone with a connection to the Internet at risk. Everyone has something that hackers are interested in, whether bank account information, personal identification or credentials into corporate email accounts.</p>
<p>Users need to evolve in step. Malware and antivirus tools alone are not the solution. Organizations need to embrace robust ways of dealing with security breaches that can minimize their impact. In practice, this means automating rapid recovery of the IT infrastructure to a known good state.</p>
<h2>Defining Today’s Hacker</h2>
<p>Today’s breed of hacker did not just appear. Instead, the skilled professionals behind the latest security threats are the result of long-term evolution. When most people think about hackers and security, they are clinging to an outdated vision.</p>
<p>Hackers are now part of a highly specialized and distributed criminal ecology. The most basic layer is filled with individuals focused on finding exploits in software. Instead of using the exploits, these professionals often sell discoveries to groups specializing in packaging exploits and running them through botnets.
Those individuals, in turn, rent their botnets to anyone who aims to gain unauthorized access to other computer systems.</p><blockquote tml-render-layout="inline"><p><strong>See also: <a href="http://readwrite.com/2013/07/31/how-to-build-a-botnet-in-15-minutes">How To Build A Botnet In 15 Minutes</a></strong></p></blockquote><p>Bottom line, hacking is no longer about bragging rights. While less sophisticated hacktivists still exist, today’s new hackers are doing this for money—and so aren't talking about their exploits.</p><p>It’s hard to tie an accurate dollar amount to the costs associated with hacking. However, the sophistication of today’s hacker is quite clear in the <a href="http://www.hpenterprisesecurity.com/ponemon-2013-cost-of-cyber-crime-study-reports">Ponemon Cost of Cyber Crime Study</a>, which shows a 20 percent increase in successful attack rates year over year, even as organizations continue to invest in security tools.</p><h2>How Do They Do It?</h2><p>Part of hackers' growing sophistication is a direct result of the vast number of attack methodologies at their disposal. They can pick and choose among denial of service attacks, viruses, worms, trojans, malicious code, phishing, malware, botnets and ransomware, any of which could play a key role in opening business data centers to intrusion.</p><p>Today's hackers also benefit from giant scale. They often build huge botnets from compromised computers they can harness in order to hack other systems. Often, the goal of these attacks is to compromise the desktop or workstations that allow them to work from within the organization. 
These attacks are launched against anyone and everyone, using generally less sophisticated techniques and better-known vulnerabilities.</p>
<p>Many attacks are also precisely targeted against particular individuals with access to sensitive information—proprietary corporate secrets, for instance, details of negotiations or other information that could be valuable to competitors or investors willing to base trades on it. These hackers are like snipers with carefully crafted attack plans.</p>
<p>The danger here is that their attacks are highly unlikely to turn up in your typical malware or antivirus detection system. That's because such threats are often tailored specifically for particular targets and rely on innovative techniques and zero-day vulnerabilities. As a result, most detection systems won't have a clue what to look for.</p>
<p>Finally, modern hacker attacks are persistent. Once a hacker gets into one person’s corporate email, they can gather enough information to social engineer everyone else in the company. Patience is a real factor in these attacks. Attackers do not just come in, poke around and leave. In most breaches, it turns out that the hacker has been inside the network for months.</p>
<h2>How To Fight Back</h2>
<p>There is no silver bullet capable of stopping today’s attacker. Given that attackers are very likely to be successful in compromising their targets, we need a new approach to security.</p>
<p>For a new approach to take root, people first need to let go of the notion that no hacker will target them or their company because they "don't have anything worth stealing." Today's hackers consider a lot of things valuable, especially financial information. Hackers are looking for online banking, credit card numbers or access to any other financials they can possibly find.</p>
<p>More to the point, almost any Internet resource stolen at scale can be turned into something valuable.
So everyone is at risk.</p>
<p>That means the only way to assure the security of our computer systems is to assume that they have been or will be compromised. We need to design networks in such a way that it's possible to revert them to a safe state. People have a mentality that when they are breached, they will simply clean it up. Instead, they need to think of themselves as always being in a breached state.</p>
<p>Bottom line, no business is ever entirely free of viruses. Occasionally, something is going to penetrate the browser. What separates winners from losers rests with the organization’s ability to make the consequences negligible.</p>
<p>When countering targeted attacks, remaining anonymous can prove instrumental. If the hacker never recognizes the target, they will not pull the trigger.</p>
<blockquote tml-render-layout="inline"><p><strong>See also: <a href="http://readwrite.com/2013/09/23/microvirtualization-os-virtualization-malware-security">The Virtual Path To Freezing Malware</a></strong></p></blockquote>
<p>Organizations also need the ability to isolate browser activity in addition to conducting a rapid reset to a known good state. Security-optimized virtualization is key for both of these. Running the browser in a properly designed and configured virtual machine ensures that any compromise is contained, and the browser virtual machine can be rolled back to a saved clean state without impacting the user’s working documents.</p>
<p>The trick is to destroy any possible trace of infection without losing important work or documents. It's possible to preserve key documents and other material and to restore them to the virtual machine after reset, taking great care to ensure that doing so doesn't also create an avenue for the malware to survive as well.</p>
<p>Diverse resiliency is key.
For example, good deep backups help neutralize the effectiveness of ransomware.</p>
<p>The trend towards walled garden architectures with a requirement for signed binaries and enforced sandboxing may help, but it will simultaneously reduce the flexibility and openness of our computers. It is unlikely that they will ever be completely reliable, and software will continue to have vulnerabilities so additional layers of protection will be needed for many years to come.</p>
<p>Simply put, as hackers grow in sophistication, so too should our responses.</p>
<p><em>Photo by&nbsp;<a href="https://www.flickr.com/photos/viirok/">Johan Viirok</a></em></p>
Defense against intrusion is no longer enough.
http://readwrite.com/2015/02/04/sophisticated-hackers-defense-in-depth
Hack
Wed, 04 Feb 2015 07:00:00 -0800
Lance Cottrell

Most U.S. Companies Under Cyberattack
<!-- tml-version="2" --><div tml-image="ci01c1384b10012a83" tml-image-caption=""><figure><img src="http://a2.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTI2NDQ0MTU4MjQzMDg0NzY2.jpg" /><figcaption></figcaption></figure></div>
<p>A computer security company has written a report concluding that 82 percent of U.S. companies have experienced at least one online attack in the last year and 46 percent have experienced three or more attacks.</p>
<p>The report, commissioned by Malwarebytes and carried out by Lawless Research, spoke to 685 different IT “decision-makers”—primarily IT directors, managers, and CEOs—about Web security for their organizations. The respondents were from U.S. companies across a wide variety of fields, from agriculture to retail.</p>
<p>According to the report, 72 percent of the respondents said that the “number of exploitable browser vulnerabilities” was the most pressing security issue for their company, exceeding concerns about mobile security.</p>
<div tml-image="ci01c1388af0012a83" tml-image-caption="&lt;em&gt;Source: Malwarebytes research&lt;/em&gt;"><figure><img src="http://a4.files.readwrite.com/image/upload/c_fill,cs_srgb,w_620/MTI2NDQ0NDMzMzg5Mzk4NjU5.png" /><figcaption><em>Source: Malwarebytes research</em></figcaption></figure></div>
<p>“Endpoints” are modes of access to the corporate network of a company and can include computers, mobile devices, tablets and even point-of-sale terminals.</p>
<p>Those surveyed said that the impact of such attacks was primarily a severe drain on company IT resources, with employees busy fixing malware problems rather than other projects; less than 10 percent of respondents said the issue was customer data being lost or stolen.
</p>
<p>The report also notes a rise in ransomware, a specific kind of malware that restricts or otherwise negatively impacts a computer until a ransom is paid to the malware’s creator. Although only 15 percent of the people surveyed reported a ransomware attack on their company, respondents rated it as the highest-severity threat for their company.</p>
<p>A McAfee Labs threats report <a href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2014.pdf">from June</a> noted that after experiencing an enormous rise in ransomware in the second quarter of 2013, McAfee data has indicated a downward trend for the malware since then. This, however, could actually signal an <em>increase</em> in ransomware in the near future.</p>
<p>“The number of new ransomware samples has dropped for three straight quarters,” the McAfee report said. “McAfee Labs has confirmed that the trend is not the result of an anomaly. We have several theories for why this is happening, but we haven’t pinpointed an exact cause. It’s also possible we’re seeing a trough before another increase. That has happened with many other types of malware.”</p>
<p>While the amount of <em>new</em> ransomware detected by McAfee has been dropping, the total amount of ransomware has risen every quarter.</p>
<p>Malwarebytes itself has not been immune to <a href="http://www.jbgnews.com/2014/12/malwarebytes-forums-hacked-users-asked-to-change-passwords/592601.html">security breaches</a>. According to the company, its primary website was not compromised, but the server hosting its forums was. CEO Marcin Kleczynski blamed Invision, the company hosting Malwarebytes servers.</p>
<p>“Invision is known for having vulnerabilities and gets exploited all the time,” Kleczynski wrote on the forums.
“Unfortunately, we fell victim to that.”</p>
<p>In a statement provided by Malwarebytes, a spokesperson said "there was no evidence of any risk to personal information, our website or business data" and the firm suggested that its forum users reset their passwords as a precautionary measure.</p>
<p><em>Photo by <a href="https://www.flickr.com/photos/saxonmoseley/288741595/">Saxon Moseley</a>.</em></p>
Browser vulnerabilities are the most pressing security issue, study finds.
http://readwrite.com/2014/12/04/cybersecurity-corporate-networks-ransomware-cyberattack
Web
Thu, 04 Dec 2014 14:11:48 -0800
Richard Procter

White House Confirms Cyberattacks
<!-- tml-version="2" --><div tml-image="ci01be3ad0b0012a83" tml-image-caption=""><figure><img src="http://a5.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTI1NjAyNTA2Nzg4MTA2MjEw.jpg" /><figcaption></figcaption></figure></div>
<p>The White House confirmed that it has been the victim of a cybersecurity attack, and the perpetrators are thought to be working for the Russian government.</p>
<p>White House officials speaking anonymously to the <a href="http://www.washingtonpost.com/world/national-security/hackers-breach-some-white-house-computers/2014/10/28/2ddf2fa0-5ef7-11e4-91f7-5d89b5e8c251_story.html">Washington Post</a> said that so far in the ongoing investigation, there is no evidence that bad actors breached any classified files. The NSA, FBI, and Secret Service are all involved in the investigation. However, officials are not commenting on whether other data was taken, or who is behind the attack.</p>
<p>“Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” a White House official told the Post. “We are still assessing the activity of concern.”</p>
<blockquote><p><strong>See also: </strong><a href="http://readwrite.com/2013/03/18/from-russia-with-bots-finding-the-source-of-cyber-attacks"><strong>From Russia With Bots: Finding The Source Of Cyber Attacks</strong></a></p></blockquote>
<p>The reason officials are suspicious that Russia is behind the attack is primarily because it is the country most capable of implementing it. U.S. officials regard Russia as among the most computer-savvy states.
The Post has recently reported on a number of <a href="http://www.washingtonpost.com/world/national-security/russian-hackers-use-zero-day-to-hack-nato-ukraine-in-cyber-spy-campaign/2014/10/13/f2452976-52f9-11e4-892e-602188e70e9c_story.html">similar campaigns</a> thought to be implemented by hackers working for the Russian government, targeting NATO, the Ukrainian government, and an American researcher, among others.</p>
<p>However, aside from these suspicions and the fact that the White House attack looks similar to previous attacks of potentially Russian origin, there is no public evidence about who or what is behind it.</p>
<p><em>Photo by&nbsp;</em><a href="https://www.flickr.com/photos/bigberto/2770838680/"><em>Shubert Ciencia</em></a></p>
Officials suspect Russian origins.
http://readwrite.com/2014/10/29/white-house-confirms-cyber-attacks
Work
Wed, 29 Oct 2014 07:24:14 -0700
Lauren Orsini

Beware: We May Be Entering The Age Of Cybersabotage
<!-- tml-version="2" --><div tml-image="ci01b2826e50016d19" tml-render-position="center" tml-render-size="large"><figure><img src="http://a5.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTIyMzAzNTQ4MzEzNzI2MjMz.jpg" /></figure></div>
<p>Low-level cyberscuffles between nations may be about to escalate into more serious conflicts. U.S. government officials are reporting a new wave of attacks aimed at sabotage within the U.S., apparently originating from somewhere in the Middle East.</p>
<p>The New York Times <a href="http://www.nytimes.com/2013/05/13/us/cyberattacks-on-rise-against-us-corporations.html?pagewanted=1&amp;_r=0&amp;ref=technology">reported over the weekend</a> that saboteurs are using probes to look for ways to seize control of processing plants of mostly U.S. "energy companies" — presumably oil and gas producers. Senior officials with the Obama administration said the attacks are aimed at the administrative systems of 10 major American energy companies, which the sources have refused to name.</p>
<h2>Tension, Apprehension And Dissension</h2>
<p>To be sure, so far no one seems to have independently corroborated these alleged attacks. As such, there's no good way to know whether they are as potentially serious as these unnamed government officials — and, of course, the NYT — would have us believe.</p>
<p>If the warnings are sound, though, cyberwar escalation still wouldn't be a huge surprise.
Security experts and government officials have long predicted that hackers bent on wreaking havoc will eventually become as commonplace as those looking to steal government and corporate secrets.</p>
<p>In February, then-Secretary of Defense <a href="http://freebeacon.com/panetta-delivers-sharp-warning-about-cyber-attacks/">Leon Panetta warned</a> that the technology used in cyberattacks is able to "cripple a country, to take down our power grid system, to take down our government systems, take down our financial systems, and literally paralyze the country. That is a reality."</p>
<p>The U.S. and Israel provided the motivation for their enemies to pick up the pace <a href="http://readwrite.com/2010/11/16/new_research_stuxnet_designed_to_sabotage_irans_nu#feed=/search?keyword=stuxnet">with their cyberattack</a> on Iran's nuclear facilities several years ago.&nbsp;The two allies used the Stuxnet worm to damage centrifuges used in making high-grade uranium that could be used for nuclear weapons, according to the NYT. Experts believe Iran retaliated last year with the <a href="http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html">attack on Saudi Aramco,</a> one of the world's largest oil producers.</p>
<p>A virus unleashed on Aramco administrative offices wiped out data on thousands of computers, replacing the deleted files with a burning American flag. The hackers targeted Aramco's production facilities, government officials said. The mission reportedly failed because Aramco's administrative offices were on a network separate from that used for industrial control systems.
Using separate networks in this way is a best practice recommended by security experts.</p>
<p>The Aramco attack was soon followed by a similar one <a href="http://www.bbc.co.uk/news/technology-19434920">launched against</a> Qatari energy company RasGas, which also claimed the attack was stymied because its compromised office network wasn't connected to production systems. Israeli officials said Iran's "cybercorps" was behind the assault. Iran organized the group after the Stuxnet attack.</p>
<h2>Tit For Tat</h2>
<p>These tit-for-tat attacks could be morphing into a new phase of cyberwar where the consequences are much greater than the damage caused by pilfering a company's trade secrets. Any attack that could destroy critical infrastructure — from oil production and the electric grid to manufacturing facilities and water treatment plants — has the potential to affect the lives of hundreds of thousands of people.</p>
<p>Experts have warned for years that industrial control systems that run these facilities are <a href="http://www.csoonline.com/article/680229/critical-infrastructure-unprepared-for-cyberattacks">filled with vulnerabilities</a> that could be easily exploited. Fortunately, hackers haven't yet been able to infiltrate the networks these systems are on.</p>
<p>To shore up the nation's critical infrastructure, President Barack Obama <a href="http://www.csoonline.com/article/728823/congress-needed-to-put-teeth-in-obama-s-cybersecurity-order">issued this year</a> an executive order requiring government agencies to share cyberattack information with private industry. Industry, however, is under no orders to share information with the government, and changing that will require action by Congress, which is struggling with the privacy implications of requiring companies to share data with government agencies.</p>
Where hackers were once satisfied with stealing sensitive data, they now seem as bent on sabotage. Government officials say a new wave of cyberattacks hitting U.S. energy companies is aimed at seizing control of processing plants.
http://readwrite.com/2013/05/13/beware-we-may-be-entering-the-age-of-cybersabotage
Cloud
Mon, 13 May 2013 13:35:07 -0700
Antone Gonsalves